Professional Microsoft IIS 8
, by Schaefer, Kenneth; Cochran, Jeff; Forsyth, Scott; Glendenning, Dennis; Perkins, Benjamin
- ISBN: 9781118388044 | 1118388046
- Cover: Paperback
- Copyright: 11/28/2012
This book is a complete reference to IIS 8---both for developers and administrators. In addition to covering the common administrative tasks, this book will take an in depth look at IIS 8 extensibility and operations management. This information will be pulled from people running major intranets and web hosting facilities. The book will differentiate itself from other IIS 8 books by: Covering administration options beyond GUI tools, including the usage of the Powershell provider and AppCmd tool, and other automated options. This will cater for the growing usage of Server Core as a web hosting platform, as well as enterprise environments, where automated/scripted administration is a requirement The inclusion of sections where developers, or developer-oriented SysAdmins can extend IIS 8.0 using ISAPI or HTTPModules The inclusion of content around management processes, operations procedures and monitoring Delving deeply into topics such as security protocols (Kerberos, NTLM, PKI/SSL), high availability/load balancing which are generally deemed to be too complex for other IIS books. As with the current edition, the book will also show admins and developers how to: Automate administrative tasks. Monitor and manage an IIS environment, including MOF (Microsoft Operations Framework) and MOM (Microsoft Operations Manager). Debug and troubleshoot IIS. Few people (outside Microsoft) have the necessary information on available tools and how to use them effectively. Secure the IIS environment Extend IIS 8. Master advanced topics (such as Network Load Balancing/High Availability) that are not covered by other books. Our author team has experience in large scale IIS hosting that few others do.
Ken Schaefer is a senior architect at HP Enterprise Services and a coauthor of Professional IIS 7. He is a Microsoft MVP for Window Server/IIS.
Jeff Cochran is a senior network specialist for the City of Naples, Florida.
Scott Forsyth is the co-founder and Chief Systems Engineer of Vaasnet, and a Microsoft MVP for ASP.NET/IIS.
Dennis Glendenning is an enterprise solutions architect with Avanade.
Benjamin Perkins is a senior support escalation engineer at Microsoft Deutschland.
INTRODUCTION xxvii
PART I: INTRODUCTION AND DEPLOYMENT
CHAPTER 1: BACKGROUND ON IIS AND NEW FEATURES IN IIS 8.0 3
IIS Versions 1.0 to 4.0 4
IIS 5.0 and 5.1 4
IIS 6.0 5
Secure by Default 5
Request Processing 5
Additional Features 6
IIS 7.0 and 7.5 7
ASP.NET Integration 7
Extensibility 8
Security 8
Remote Management 9
IIS Manager 10
AppCmd.exe Command-Line Utility 10
PowerShell Integration 10
Diagnostics 10
Windows Server 2012 Features 10
Server Versions 11
The New User Interface 11
Virtualization and Private Cloud 13
TLS/SSL 14
IIS 8.0 Features 15
SSL Changes 15
CPU Throttling 15
Application Warm-Up 16
WebSocket 16
Additional Features 16
CHAPTER 2: IIS 8.0 ARCHITECTURE 19
IIS Architecture Basics 20
Inetinfo.exe 20
Http.sys 21
ISAPI and CGI 22
IIS Admin Service 22
Application Pools 22
Active Server Pages 23
ASP.NET 23
IIS 7.0 and Later Architecture 24
Pipeline Modes 24
Extensibility and Modularity 26
Metabase — Going, Going, Gone! 27
WAS and the Worker Process 29
IIS 8.0 Architecture 29
SSL/SNI and Central Certifi cates 30
Dynamic IP Restrictions 31
Active CPU Throttling 31
Application Initialization 32
PowerShell Improvements 32
Windows Server 2012 Architecture 33
Virtualization and Hyper-V 33
Cloud Architecture 35
Resilient File System 36
BitLocker Drive Encryption 36
Network Access Protection 37
CHAPTER 3: PLANNING YOUR DEPLOYMENT 39
Windows 2012 Server Deployment Planning 40
Windows Server 2012 Requirements 40
Virtualization 41
Which Server Edition? 41
Upgrade or New Installation? 43
Planning Your Hardware 44
Planning Your Network 45
Planning Security 48
Planning Backup and Recovery 51
Windows Server 2012 Cloud Deployment 53
IIS 8.0 Deployment Planning 53
IIS 8.0 Requirements 53
Installation Decisions 53
Planning for IIS-Specifi c Security 54
Planning Development Environments 55
Planning Production Environments 55
Shared Confi guration 56
Content Replication 56
Application Deployment Planning 56
Automation and Deployment Tools 57
Volume Activation 58
Capacity Planning 58
Traffi c 58
WCAT 59
IIS 8.0 Request Tracing 59
Scalability 60
Application Capacity Planning 60
CHAPTER 4: INSTALLING IIS 8.0 63
Windows Server 2012 Server Manager 64
The Default IIS 8.0 Installation 65
Testing the Installation 66
Installing IIS 8.0 Using Web Platform Installer 73
Installing IIS 8.0’s Features 76
Installing IIS 8.0 Using PowerShell 79
Upgrading from IIS 7.0 to IIS 8.0 80
Installing IIS 8.0 on Windows 8 81
Installing IIS 8.0 on Windows 7 84
Automated Installation and Confi guration 85
Windows Deployment Services 85
Hosting Service Recommendations 86
Directory Structure 87
Web Server Accounts and Application Pools 88
Confi guring Shared Hosting with Managed Code 89
PART II: ADMINISTRATION
CHAPTER 5: ADMINISTRATION TOOLS 97
Key Characteristics 98
IIS Manager 99
Appearance 99
Feature Scopes 99
Features View 101
Content View 105
Feature Delegation 105
IIS Manager Extensibility 106
Remote Connections 106
Confi guration Settings 107
Confi guration File Hierarchy 107
Confi guration Levels 108
Location Tags 109
Confi guration File Structure 110
Confi guration Schema 111
Locking and Unlocking Sections 113
Command-Line Management 114
CHAPTER 6: WEBSITE ADMINISTRATION 117
Websites, Applications, and Virtual Directories 118
Websites 118
Applications 119
Virtual Directories 119
Combining Sites, Applications, and Virtual Directories 120
Creating a New Website 121
Creating a Website Using IIS Manager 121
Creating a New Application Pool for Your Site 122
Creating a Website Using AppCmd 124
Creating a New Website Using PowerShell 126
Changes to the applicationHost.confi g File 126
Confi guring Logging 127
Enabling Logging 128
Confi guring Host Headers 134
Administering Applications 138
Adding Applications Using IIS Manager 138
Adding Applications Using AppCmd 139
Deleting Applications Using IIS Manager 140
Deleting Applications Using AppCmd 140
Administering Virtual Directories 140
Creating Virtual Directories Using IIS Manager 140
Creating Virtual Directories Using AppCmd 142
Adding Virtual Directories Using PowerShell 142
Removing Virtual Directories 142
Authentication 143
Confi guring Compression 143
Confi guring Default Document Settings 146
Reordering a Document 146
Adding a Default Document 146
Confi guring MIME Settings 146
Adding MIME Types 147
Editing MIME Types 148
Removing MIME Types 148
Basic Administration Tasks 149
Confi guring Default Options for IIS 149
Starting and Stopping Services and Websites 150
Isolating Applications 151
CHAPTER 7: WEB APPLICATION ADMINISTRATION 153
Application Administration 154
ASP Confi guration 154
ASP.NET Confi guration 155
IIS 6.0 and Previous Architecture 155
IIS 8.0 Architecture 156
IIS 8.0 and ASP.NET Modules 157
ISAPI Confi guration 172
CGI Confi guration 173
FastCGI Confi guration 174
Installing PHP 174
Installing QDig 175
Installing the FastCGI Module 175
Enabling FastCGI for Use with PHP 175
Windows Process Activation Service 176
Application Initialization 176
CHAPTER 8: WEB APPLICATION POOL ADMINISTRATION 179
A Background of Website Separation 180
Defi ning Applications 180
Comparing Virtual Directories to Applications 183
Understanding the w3wp.exe Process 185
Recycling Application Pools 187
Web Gardens 188
Working with Application Pools 190
Creating Application Pools 190
Managing Settings 192
Assigning Applications and Sites to Application Pools 196
Specifying the .NET Framework Version 200
Specifying the Managed Pipeline Mode 202
Managing Active Application Pools 206
Application Pool Security 212
Application Pool Confi guration Isolation 212
Application Pool SID Injection 213
Site Anonymous User 214
Noteworthy Advanced Settings 215
Bitness 215
CPU Limits 215
Processor Affi nity 216
Application Pool Users 216
Network Service Account 217
Local Service Account 218
Local System Account 218
Windows Application Pool Identity 218
Custom User Account 219
CHAPTER 9: DELEGATING REMOTE ADMINISTRATION 221
Introducing the Main Characters 222
System Administrator 222
Site Administrator 223
The Two Shall Work as One 223
IIS Manager Remote Access 223
Installing the IIS 8.0 Management Service 223
Enabling Remote Connections 224
Authentication Types 229
Authorization at Three Levels 232
.Remote Installation and Usage 234
Extending IIS Manager 235
Delegation Settings 236
Delegation of Sections 237
Delegating the Small Details 255
CHAPTER 10: CONFIGURING OTHER SERVICES 259
Installing and Confi guring an FTP Server 260
FTP Basics 260
Planning an FTP Server Installation 261
Creating an FTP Site 265
Creating FTP Sites with PowerShell 271
Testing FTP with Telnet 271
Confi guring Existing FTP Sites 271
Home Directory 272
Advanced Settings 272
Logging 273
FTP Messages 274
Confi guring FTP User Security 274
Confi guring .NET Accounts for FTP 278
Confi guring FTP over SSL 286
Confi guring FTP User Isolation 288
Confi guring FTP Host Name Support 290
Confi guring FTP Request Filtering 291
Confi guring FTP IP and Domain Restrictions 292
Confi guring FTP Logon Attempt Restrictions 293
Administering FTP with Confi guration Files 294
Adding FTP over SSL to an Existing Site 294
Confi guring Host Name Support 296
The FTP Command-Line Client 296
Installing and Confi guring an SMTP Server 298
How SMTP Works 298
Installing SMTP 298
Confi guring the Default SMTP Server 300
SMTP Security and Authentication 302
Confi guring Additional Domains 305
SMTP Folders 305
Testing and Troubleshooting SMTP 306
Installing and Using LogParser 309
Installing LogParser 309
Using LogParser from the Command Line 309
LogParser Examples 311
PART III: ADVANCED ADMINISTRATION
CHAPTER 11: CORE SERVER 315
Background 315
Core Server and Modules 317
HTTP Modules 319
Server Workload Customization 326
Eliminating Overheads 326
A Basic Real-World Example 327
A More Complex Real-World Example 328
Customizing Individual Websites 330
Customization Using IIS Manager 334
ASP.NET and the IIS Pipeline 336
Confi guring ASP.NET Execution Mode 337
Migrating IIS 7.x ASP.NET Applications to IIS 8 339
Migrating Legacy ASP.NET Applications to IIS 8.0 339
Selecting the ASP.NET Version 340
Legacy ISAPI Support 340
CHAPTER 12: CORE SERVER EXTENSIBILITY 343
Extensibility Overview 344
IIS Module Concepts 345
Events 345
Notifi cations 347
Return Codes 348
Notifi cation Priority 349
An Example Native Module 351
Native Module Design 351
Native Module Creation 352
Native Module Wrap-Up 362
Managed Code Modules 363
Managed Event Notifi cations 364
Further Reading 365
An Example Managed Module 366
Managed Module Design 366
Managed Module Creation 366
Managed Module Wrap-Up 371
Event Tracing from Modules 371
Adding Tracing Support to a Managed Code Module 372
Extending IIS Confi guration 377
Adding Confi guration Support to Custom Modules 377
Extending the IIS Administration Tool 381
Creating an IIS Administration Tool Extension 382
CHAPTER 13: SECURING THE SERVER 393
What Is Security? 394
Managing Risk 394
Security Components 395
Types of Attacks 396
Denial-of-Service Attacks 396
Privilege Escalation Attacks 396
Passive Attacks 397
Advanced Persistent Threats 398
Securing Your Environment 398
Securing Your IIS 8.0 Server 399
IP and Domain Restrictions 399
Configuring MIME-Type Extensions 405
Confi guring ISAPI Extensions and CGI Restrictions 407
Confi guring Request Filtering 413
Application Layer Security 420
Confi guring Logging 421
CHAPTER 14: AUTHENTICATION AND AUTHORIZATION 423
Authentication in IIS 8.0 424
How IIS 8.0 Authenticates a Client 426
Confi guring Anonymous Authentication 428
Confi guring Basic Authentication 430
Confi guring Digest Authentication 433
Confi guring Integrated Windows Authentication 437
Confi guring NTLM Authentication 439
Confi guring Kerberos Authentication 443
Confi guring UNC Authentication 448
Confi guring Client Certifi cate Authentication 449
Confi guring Forms-Based Authentication 453
Confi guring Delegation 456
Confi guring Protocol Transition 461
Confi guring Authorization 462
URL Authorization 463
Confi guring Application Pool Sandboxing 466
Understanding IIS 8.0 User Accounts 468
CHAPTER 15: SSL AND TLS 471
Securing a Website with TLS 472
The SSL/TLS Handshake 473
Generating a Certifi cate Request 476
Submitting the Certifi cate Request 481
Importing the Certifi cate into IIS 8.0 483
Confi guring Website Bindings 484
Generating a Certifi cate Using Domain Certifi cate Request 485
Generating a Self-Signed Certifi cate 487
Managing an SSL/TLS-Secured Website 487
Enabling Central Certifi cate Store 492
Managing a Public Key Infrastructure 492
Securing an SMTP Virtual Server with TLS 496
Securing an FTP Site with TLS 498
CHAPTER 16: IIS SCALABILITY I: BUILDING AN IIS WEB FARM 501
IIS 8.0 and Web Farms 502
Shared Confi guration 503
Content Confi guration 520
Local Content 520
Shared Network Content 521
Shared SAN or Storage Spaces Content 523
Content Replication 524
Distributed File System 525
Robocopy 528
Offl ine Folders/Client Side Caching 529
Additional Tools 531
Web Deploy 531
Other Considerations 532
Replication 532
.NET Confi guration Files and machineKey 535
Session State 536
Security 542
CHAPTER 17: IIS SCALABILITY II: LOAD BALANCING AND ARR 545
Load-Balancing Concepts 546
Shared Concepts 546
Load-Balancing Solutions 555
Application Request Routing 558
ARR Functionality 559
Obtaining ARR 560
Understanding ARR 560
Touch Points 561
Creating a Server Farm 562
Creating Server Farm Rules 565
Health Checks 567
Web Server Bindings 571
Testing URLs Per-Site Per-Server 574
SSL/TLS Offl oading 579
Man-in-the-Middle and ARR Helper 580
Server Management 581
Performance Monitoring 584
Caching 584
Miscellaneous Optimizations 588
High Availability for ARR 589
Network Load Balancing 590
Frameworks 594
Web Farm Framework 594
Windows Azure Services 595
CHAPTER 18: PROGRAMMATIC CONFIGURATION
AND MANAGEMENT 597
Confi guration Optimization 598
Direct Confi guration 599
Confi guration File Hierarchy 599
Order of Operation 601
Collection Items 602
Section Structure 605
Location Tag 607
Inheritance 610
Locking 611
childConfi g/sourceConfi g 612
Confi guration Path 612
Schema Extensibility 613
Programmatic Confi guration 618
IIS 8.0 Programming Walk-Through 618
Microsoft.Web.Administration (MWA) 626
Microsoft.Web.Management (MWM) 634
ABO, ADSI, and Legacy API Support 635
IIS WMI Provider 636
AHAdmin 639
Confi guration Editor 641
Modifying the Custom Extended Schema 642
Modifying the Confi guration Item 643
Modifying an Attribute and Viewing the Generated Scripts 644
Command-Line Management 646
Using AppCmd.exe 648
Getting Help 648
Using the list Command 650
AppCmd Attributes and Values 653
Managing Objects 653
Determining Which Attributes Are Associated with an Object 654
Backing Up and Restoring 657
Locking and Unlocking the Confi guration 664
Piping with XML 664
IIS PowerShell Management 665
PowerShell IIS Cmdlets 666
Getting Help 668
Using PowerShell IIS Cmdlets 671
Creating a Website and Viewing the Results 673
Modifying the Attributes of a Website 676
IIS Operational Activities Using PowerShell 677
Backing Up and Restoring Using IIS PowerShell 679
CHAPTER 19: URL REWRITE 681
URL Rewrite Concepts 682
Conditions 682
Actions 683
Obtaining and Installing URL Rewrite 686
Getting Started Walk-Through 687
Managing URL Rewrite 691
Using IIS Manager 691
Using a Text Editor 691
Using APIs 692
Applying URL Rewrite Rules 692
Global Level — <globalRules> 692
Global Level — <rules> 693
Site Level — applicationHost.confi g 693
Site Level — web.confi g 694
Subfolder Level — web.confi g 694
Rule Templates 695
Inbound Rule Templates 696
Inbound and Outbound Rules Templates 697
Outbound Rules Template 699
Search Engine Optimization Templates 699
Input Variables 701
Common URL Parts 702
Additional Input Variables 703
Wildcards Pattern Matches 704
Regular Expressions 705
10 Things You Need to Know about Regex 707
Back-References 712
Rule Back-References versus Condition Back-References 712
Wildcards Back-References 713
Capturing Back-References across Conditions 713
Where to Use Back-References 714
Setting Server Variables 715
Request Headers 715
Allowed Server Variables 716
Special Considerations 716
Redirecting to SSL 716
Checking If a Request Is for a File or a Directory 718
Considering ScriptResource.axd and WebResources.axd 719
Caching IIS Output 719
Using String Functions with Rule Actions and Conditions 721
Importing Rules from mod_rewrite 722
Logging Rewritten URLs 722
Rewrite Maps 722
Common Rules 725
Redirecting Non-www to www (Canonical Hostnames) 726
Creating a Down for Maintenance Page 726
Preserving Old Urls 728
Preventing Image Hot-Linking 729
Blocking Requests 729
Redirecting a Subdomain to Subfolder 730
Adding HTTP_PROTOCOL 731
Hosting Multiple Domains under One Site 732
Using Query String Logic for Rules 732
Outbound Rules 732
Outbound Rules versus Inbound Rules 733
Outbound Rule Walk-Throughs 733
Further Outbound Rule Considerations 738
Troubleshooting URL Rewrite 738
Create a Testing Rule 739
Create a Stopping Rule 739
Reviewing Input Variables 739
Fiddler and Firebug 739
Test Pattern Tool 740
Display Variable Trick 741
Failed Request Tracing 741
Simplify 741
CHAPTER 20: CONFIGURING PUBLISHING OPTIONS 743
Web Platform Installer 744
Using Web Platform Installer 744
Web Application Gallery 746
Installing Gallery Applications 746
Web Deployment Tool 751
Installing Web Deploy with Web PI 751
Installing Web Deploy Directly 751
Deploying Web Applications 753
Migrating and Synchronizing Web Servers 756
FTP Publishing 759
Confi guring FTP Publishing with IIS Manager 760
Confi guring FTP Publishing with Confi guration Files 762
WebDAV Publishing 763
Installing and Confi guring WebDAV 764
Visual Studio Publishing 768
Publishing Websites 769
Publishing Web Applications 771
PART IV: MANAGING AND OPERATING IIS 8.0
CHAPTER 21: IIS AND OPERATIONS MANAGEMENT 779
Management Approaches 779
ITIL Standards 780
MOF: Microsoft’s ITIL Superset 781
Applying MOF to IIS Operations Management 784
Operational Tasks 797
Backup and Restore Program 797
CHAPTER 22: MONITORING AND PERFORMANCE TUNING 805
Monitoring Websites 806
How to Monitor IIS 8.0 806
What to Monitor 824
Performance Tuning 831
Operating System Optimizations 832
IIS Service Optimizations 835
Website Optimizations 842
CHAPTER 23: DIAGNOSTICS AND TROUBLESHOOTING 851
Types of Issues 852
Specifi c Errors 852
Hang/Time-Out Issues 852
Resource-Intensive and Slowness Issues 853
Runtime Status and Control API 854
Viewing Worker Processes 855
Viewing Page Requests 858
Viewing Application Domains 861
IIS 8.0 Error Pages 861
Customizing Custom Error Pages 863
Multiple Language Support 866
HTTP Status Codes 866
FTP Status Codes 867
Failed Request Tracing 867
Setting Up Failed Request Tracing Rules 868
Reading the XML Trace Logs 871
Logging 873
ASP.NET Tracing 874
Enabling ASP.NET Tracing 876
The ASP.NET Trace Viewer 877
Troubleshooting Tips 880
Reproduce 880
Isolate 881
Fix 884
Test 884
Additional Built-In Tools 885
Task Manager 885
Event Viewer 885
Reliability and Performance Monitor 888
Logging NTFS Failures to Disk 895
ping, tracert, and pathping 896
telnet 898
Installable Tools 899
WFetch 899
Web Capacity Analysis Tool 899
LogParser 900
DelegConfi g 901
Process Explorer 902
Process Monitor 904
The Debug Diagnostic Tool 909
ProcDump 914
WinDbg 915
Where to Go Next 921
INDEX 923
What is included with this book?
The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.
The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.
Please wait while the item is added to your bag...
×
Digital License
You are licensing a digital product for a set duration. Durations are set forth in the product description, with "Lifetime" typically meaning five (5) years of online access and permanent download to a supported device. All licenses are non-transferable.
More details can be found here.